Safeguarding Personal Data – Penalties Await Financial Entities Violating Saudi Arabia’s Data Protection Laws

Impact and Compliance of Financial Entities Under the New Personal Data Protection Mandate

Saudi Arabia has taken a significant step towards safeguarding personal data by enacting the Personal Data Protection Law. With the exponential growth in digital transactions and data sharing, the protection of personal information has become a paramount concern. Financial entities deal with substantial amounts of sensitive customer data, making their compliance with the new law of utmost importance. To ensure data privacy and security, the Saudi Arabian authorities have implemented strict penalties for financial entities found in violation of the Personal Data Protection Law.

New PDPL Regime and its Impact on the Banking and Financial Services Sector

The Personal Data Protection Law was introduced in the Kingdom of Saudi Arabia to align the nation’s data protection standards with international best practices and to provide individuals with enhanced control over their personal information. The law encompasses various principles, including consent, purpose limitation, data accuracy, security, and accountability.

Saudi Arabia’s Personal Data Protection Law (PDPL) is safeguarding individuals’ privacy and imposing significant penalties on banks for non-compliance. Effective from September 14, 2023, the PDPL regulates the handling of personal data by entities operating within the Kingdom.

The PDPL draws inspiration from globally recognized data protection laws, such as the EU’s General Data Protection Regulation, and is guided by principles such as consent, transparency, lawfulness, and purpose limitation. This makes it relatively straightforward for most companies to comply. However, industries that extensively deal with personal data, such as the banking and financial services sector, may face additional requirements and the need to implement stricter controls, policies, and protocols.

Rigorous Penalties for Non-Compliance: From Fines to Revocation of Banking Licenses

Compliance obligations include ensuring the security, accuracy, and confidentiality of personal data, which may impact an organization’s IT infrastructure, systems, and policies. Data controllers must obtain explicit consent from individuals before processing their personal data unless specific exceptions apply. Additionally, companies are required to appoint a data protection officer, conduct data protection impact assessments, report data breaches, and obtain prior approval for cross-border data transfers.

Failure to comply with the PDPL can lead to severe consequences, including fines of up to SR3 million ($800,000) or imprisonment for up to two years. In exceptional cases or persistent non-compliance, the Saudi Central Bank (SAMA) reserves the right to suspend or revoke banking licenses.

Although the precise process for reporting and handling non-compliance cases is still being defined, it is likely that individuals will be directed to the Ministry of Commerce, which will establish an official reporting and complaint handling mechanism over time.

The Smart Rental Index in Dubai: A Legal Analysis

The Smart Rental Index is a crucial instrument for regulating the rental market in Dubai. It contributes to market stability and transparency, providing legal guidance for both tenants and landlords. However, there remains room for optimization, particularly in considering individual property characteristics and maintaining flexibility for investors. A continuous adaptation of the index to market conditions could help establish a balanced relationship between tenant protection and economic attractiveness for landlords and investors.

Conversion from Leasehold to Freehold Properties in Dubai

The Dubai Land Department (DLD) has announced that private property owners in two prominent areas, Sheikh Zayed Road (from the Trade Centre Roundabout to the Water Canal) and Al Jaddaf, can convert their property ownership to freehold status. This opportunity is available to all nationalities and applies to 457 eligible plots: 128 in Sheikh Zayed Road and 329 in Al Jaddaf. The initiative is part of Dubai’s Real Estate Strategy 2033, aimed at driving growth and strengthening the emirate’s position as a global hub for real estate investment.

Recent Developments in Employment Law in the UAE: Focus on Abu Dhabi Global Market and Remote Work

Significant reforms to UAE employment law will take effect in April 2025, focusing on the groundbreaking regulations of the Abu Dhabi Global Market. These updates redefine employee rights, introduce comprehensive protections for remote workers, and reinforce the UAE’s position as a leader in flexible work models. The new regulations mark an important step in the evolution of the labor market, aligning it with the modern demands of the workforce

The Cologne Regional Court ruled that a chocolate product cannot be marketed as "Dubai Chocolate" if it is neither produced in Dubai nor has any geographical connection to Dubai. Distribution companies had advertised the chocolate with phrases like "a touch of Dubai" and "bringing the magic of Dubai to your home." The court deemed this misleading, as consumers might assume the chocolate originates from Dubai. Such use of geographical indications is prohibited under Section 128(1) of the German Trademark Act

District Court of Cologne Decision: Misleading Advertising – Dubai Chocolate Must Come from Dubai

The Cologne District Court ruled that a chocolate product cannot be marketed as „Dubai Chocolate“ if it is neither produced in Dubai nor has any geographical connection to Dubai. Distribution companies had advertised the chocolate with phrases like „a touch of Dubai“ and „bringing the magic of Dubai to your home.“ The court deemed this misleading, as consumers might assume the chocolate originates from Dubai. Such use of geographical indications is prohibited under Section 128(1) of the German Trademark Act.

Author

TME Legal